GDPR & Cybersecurity
07 March 2024

The key elements to take into account when implementing NIS2

by Gorik Van den Bergh

The new European directive NIS2 (Directive (EU) 2022/2555) is the successor to the NIS Directive (Network and Information Security Directive). Member states must transpose it into national law by 17 October 2024, the date from which its obligations apply to the organisations in scope. In previous publications, we explained what NIS2 entails and its potential impact on your organisation. In this article, we list the key elements to take into account when implementing NIS2.

We are confronted with the importance of cybersecurity and therefore the importance of NIS2 in the news every day. The Centre for Cybersecurity Belgium (CCB) also reported on this in its CCB Report:

Belgian organisations were mainly victims of ransomware and DDoS attacks in 2023. They were also affected by other categories of cyber incidents, such as data breaches, CEO fraud, threat indications on the dark web and dedicated forums where stolen data was published, and the compromise of Belgian IP addresses used in cyber operations.
Phishing is still one of the main attack methods used by attackers to install malware on a target system, but it is also one of the most common forms of attack used to steal data, such as personal and identification information, and to commit cyber fraud.

The key elements to take into account when implementing NIS2

1. Awareness

It is imperative that your organisation's senior management is aware of and understands the requirements of the NIS2 Directive, in particular the cybersecurity risk-management measures. Under NIS2, the management body must approve those measures and oversee their implementation, can be held liable for infringements, and must follow training so that it is able to assess cyber risks. By extension, it is of course important that all employees are sufficiently aware of potential cyber threats.

2. Risk Management

The term risk management is mentioned no less than 144 times (!) in the NIS2 publication. It is therefore a part of the NIS2 directive that should not be underestimated. Organisations must identify and assess their risks and implement appropriate and proportionate technical, operational and organisational measures to reduce them. NIS2 itself lists the minimum domains these measures must cover: risk analysis and information security policies, incident handling, business continuity and crisis management, supply chain security, security in the acquisition, development and maintenance of systems (including vulnerability handling), procedures to assess the effectiveness of the measures, cyber hygiene and training, cryptography, human resources security, access control and asset management, and the use of multi-factor authentication and secured communications.

3. Reporting to authorities

Organisations should have processes and procedures in place to ensure that they report significant incidents to the competent authority or CSIRT accurately and on time. NIS2 sets staged deadlines: an early warning within 24 hours of becoming aware of the incident, an incident notification within 72 hours, and a final report within one month. Meeting these deadlines is only realistic if incident detection, classification and escalation are organised in advance.

4. Business continuity

Organisations should take steps to ensure business continuity, including back-ups, recovery tests, emergency plans and crisis management.

5. Suppliers

Organisations should also identify and address security risks at their suppliers and service providers. Suppliers are often part of an organisation's wider chain of trust, and NIS2 explicitly requires supply chain security, including the security of the relationships with direct suppliers and service providers. An unprotected supplier can be a weak link and pose a risk to the entire organisation and its stakeholders.

6. Sanctions

Organisations that fail to comply with the requirements of NIS2 may be subject to a range of sanctions, including administrative fines. For essential entities, the maximum fine must be at least EUR 10 million or 2% of total worldwide annual turnover, whichever is higher; for important entities, at least EUR 7 million or 1.4% of total worldwide annual turnover, whichever is higher.

NIS2 Compliance Journey

How can we at Vandelanotte help you?

  • (IT) risk management software to make your organisation's risk management more efficient;

  • Request penetration tests to evaluate and improve your organisation's resilience;

  • Discover our cybersecurity awareness solutions (phishing, online training, ...).

Our experts will advise and, if necessary, assist you in implementing the necessary security measures to be NIS2 compliant.

Want to know more about your organisation's cybersecurity compliance? Contact Gorik.vandenbergh@vdl.be
